-
Notifications
You must be signed in to change notification settings - Fork 780
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make using letsencrypt.org really easy #207
Comments
👍 to that |
Well, I think that the first step is adding instructions, or even a link, on hows to use letsencrypt, on the Encrypted Connections wiki page. It would be much simpler than having to manually acceptance certificates in the browser, which is the current recommendation. |
@dzil123 we would gladly review/accept a PR ;) |
Today, I used letsencrypt's certbot to obtain certificates:
I am now using websockify with
It won't get any easier than that, I guess. |
Right now running novnc/websockify over SSL with unattended deployment requires extra startup scripting, because certbot needs to be run on the host or container after it's up and reachable via DNS, but before novnc or websockify starts. This would be made easier by adding email and fqdn flags to noVNC/utils/launch.sh. This would enable novnc to call something like this:
...then novnc would pass --cert and --key to websockify. Variations would include using --webroot instead of --standalone, and getting certbot to support ports other than 80 or 443: |
To encourage people to use wss/tls encryption, we should make it really simple for people to implement a signed cert using letsencrypt.org (which should be going into general availability in the next couple of months). Perhaps direct automatic integration (since that's one of the goals of Let's Encrypt), but at least, we should document a straightforward process for using it.
The process is documented here: https://letsencrypt.org/howitworks/technology/
The text was updated successfully, but these errors were encountered: